<?php
/**
 * 全局安全过滤函数
 */
function global_filter() {
	global $_config;
	$params = array(ROUTE_M, ROUTE_C, ROUTE_A);
	foreach ($params as $k => $v) {
		if (!preg_match("/^[a-zA-Z0-9._-]+$/", $v)) {
			die('非法操作！参数带有非法字符，请重新访问或提交！');
		}
	}
	$arrStr = array('%0d%0a', "'", '*', '<', '>');
	global_inject_input($_GET, $arrStr, true);
	global_inject_input($_COOKIE, $arrStr, true);
	global_inject_input($_SERVER, array('%0d%0a'), true);
	
	if (!in_array(strtolower(ROUTE_M), array($_config['admin_module']))) {
		$globals = array($_POST, $_REQUEST, $_FILES);
		foreach ($globals as $param) {
			global_inject_input($param, $arrStr, true);
		}
	} else {
		global_inject_input($_POST, array('%0d%0a'));
		global_inject_input($_REQUEST, array('%0d%0a'));
	}

}

/**
 * 全局安全过滤函数
 */
function global_inject_input($string, $inject_string, $replace = false) {
	if (!is_array($string)) {
		foreach ($inject_string as $value) {
			if (stripos(strtolower($string), $value) !== false) {
				die('非法操作！参数带有非法字符，请重新访问或提交！');
			}
		}
		if ($replace) return filter_var($string,FILTER_SANITIZE_STRING);
		else return $string;
	}
	foreach ($string as $key => $val)
	$string[$key] = global_inject_input($val, $inject_string, $replace);
	return $string;
}